Aphex Posted January 22, 2013 Share Posted January 22, 2013 (edited) Hello. I have this change password script but when I type something into the existing password box and leave the new password and confirm new password box blank it says the password has been changed. If I leave all boxes blank it says all fields are required (which is what I want it to say unless ALL boxes have been filled in). Also, if I do type in all 3 boxes it says the password has been changed but it doesn't even change it. I have set it as SHA1 but still no luck, it still allows me to log in with the existing password. else if($_POST['submit']=='Doit') { // Checking whether the Login form has been submitted $err = array(); // Will hold our errors if(!count($err)) { $_POST['password2'] = mysql_real_escape_string($_POST['password2']); $_POST['password3'] = mysql_real_escape_string($_POST['password3']); $_POST['password4'] = mysql_real_escape_string($_POST['password4']); // Escaping all input data } if(!$_POST['password2'] || !$_POST['password3'] || !$_POST['password4']) { $err[] = 'All fields are required.'; } $row = mysql_fetch_assoc(mysql_query("SELECT * FROM playerdata WHERE user='{$_SESSION['user']}' AND password='".sha1($_POST['password2'])."'")); if($row['user']) { if($_POST['password3'] == $_POST['password4']) { // If everything is OK login $pass = substr(sha1($_POST['password3'])); mysql_query(" INSERT INTO playerdata(user,password) VALUES( '".$_SESSION['user']."', '".sha1($_POST['password3'])."' )"); $_SESSION['msg']['change-success']='Your existing password has been changed. '.$pass; } else $err[] = 'Your new passwords do not match.'; // Store some data in the session } else $err[]='You have entered an invalid existing password.'; if($err) $_SESSION['msg']['change-err'] = implode('<br />',$err); // Save the error messages in the session header("Location: http://127.0.0.1/"); exit; } Edited January 22, 2013 by Aphex Quote Link to comment https://forums.phpfreaks.com/topic/273500-change-password-half-working/ Share on other sites More sharing options...
Jessica Posted January 22, 2013 Share Posted January 22, 2013 (edited) Cool story bro. Edit: well if you post the code it ruins my post. Pah. Edited January 22, 2013 by Jessica Quote Link to comment https://forums.phpfreaks.com/topic/273500-change-password-half-working/#findComment-1407546 Share on other sites More sharing options...
requinix Posted January 22, 2013 Share Posted January 22, 2013 (edited) You set the error array to be empty, then check if there's something in it (spoiler: there won't be), then add errors to it, then completely ignore whether there were errors and continue on regardless. It also seems like you have something which looks for a change-success message and, if present, ignores any change-err messages. [edit] Also, $pass = substr(sha1($_POST['password3'])); Don't know what that's supposed to do but since you didn't give a second argument to substr() $pass will be null or false, and $_SESSION['msg']['change-success']='Your existing password has been changed. '.$pass; I assume you add in the $pass for debugging? Which won't work because of the whole "null or false" thing. Edited January 22, 2013 by requinix Quote Link to comment https://forums.phpfreaks.com/topic/273500-change-password-half-working/#findComment-1407547 Share on other sites More sharing options...
ncurran217 Posted January 22, 2013 Share Posted January 22, 2013 I think you need to use an update statement for you query not an insert. But I could be wrong not to sure about it, just a thought. Quote Link to comment https://forums.phpfreaks.com/topic/273500-change-password-half-working/#findComment-1407549 Share on other sites More sharing options...
Aphex Posted January 22, 2013 Author Share Posted January 22, 2013 Update. I forgot to use "UPDATE" query instead of "INSERT" as the user would have already been added in order for the change pass function to work, so I got that working where it changes the password to SHA1 and adds it to the database successfully. Now it's just the matter of it detecting whether all fields have been filled in even if two has and one hasn't. else if($_POST['submit']=='Doit') { // Checking whether the Change Pass form has been submitted $err = array(); // Will hold our errors if(!count($err)) { $_POST['password2'] = mysql_real_escape_string($_POST['password2']); $_POST['password3'] = mysql_real_escape_string($_POST['password3']); $_POST['password4'] = mysql_real_escape_string($_POST['password4']); // Escaping all input data } if(!$_POST['password2'] || !$_POST['password3'] || !$_POST['password4']) { $err[] = 'All fields are required.'; } $pass = $_POST['password3']; $row = mysql_fetch_assoc(mysql_query("SELECT * FROM playerdata WHERE user='{$_SESSION['user']}' AND password='".sha1($_POST['password2'])."'")); if($row['user']) { if($_POST['password3'] == $_POST['password4']) { mysql_query("UPDATE playerdata SET password='".sha1($_POST['password3'])."' WHERE user='{$_SESSION['user']}'"); $_SESSION['msg']['change-success']='Your password has been successfully changed to '.$pass; } else $err[] = 'Your new passwords do not match.'; // Store some data in the session } else $err[]='You have entered an invalid existing password.'; if($err) $_SESSION['msg']['change-err'] = implode('<br />',$err); // Save the error messages in the session header("Location: http://127.0.0.1/"); exit; } This works when no fields are filled in: if(!$_POST['password2'] || !$_POST['password3'] || !$_POST['password4']) { $err[] = 'All fields are required.'; } But I need this to happen if only one or two fields have been filled in (there's three fields altogether, "Existing Password, New Password and Confirm New Password") Quote Link to comment https://forums.phpfreaks.com/topic/273500-change-password-half-working/#findComment-1407550 Share on other sites More sharing options...
Aphex Posted January 22, 2013 Author Share Posted January 22, 2013 Yeah thanks ncurran, may be the lack of sleep I've been dealing with for the past week now as this is a gaming community I've been working on for GTA San Andreas Multiplayer (SA-MP) Quote Link to comment https://forums.phpfreaks.com/topic/273500-change-password-half-working/#findComment-1407552 Share on other sites More sharing options...
Aphex Posted January 22, 2013 Author Share Posted January 22, 2013 Please close this topic I've solved it. Quote Link to comment https://forums.phpfreaks.com/topic/273500-change-password-half-working/#findComment-1407556 Share on other sites More sharing options...
Jessica Posted January 22, 2013 Share Posted January 22, 2013 Hit the Mark Solved button. Quote Link to comment https://forums.phpfreaks.com/topic/273500-change-password-half-working/#findComment-1407558 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.